Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/ohIAeCvbtcSAnkbl8jHDndTBHO0.roa
File:                     ohIAeCvbtcSAnkbl8jHDndTBHO0.roa (raw, json)
Hash identifier:          NLzPbPvpp6PSUqDBOtXnng7EbD7hS0CwGeg1eCAgKxc=
Subject key identifier:   A2:12:00:78:2B:DB:B5:C4:80:9E:46:E5:F2:31:C3:9D:D4:C1:1C:ED
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       018CC26D5305112A6000BD226267D757DD68
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/ohIAeCvbtcSAnkbl8jHDndTBHO0.roa
Signing time:             Mon 01 Jan 2024 00:29:53 +0000
ROA not before:           Mon 01 Jan 2024 00:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        2a0a:2880::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:53:05:11:2a:60:00:bd:22:62:67:d7:57:dd:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan  1 00:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a21200782bdbb5c4809e46e5f231c39dd4c11ced
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e7:4d:40:07:a9:dd:46:4e:a0:16:a2:42:f0:
                    22:15:24:8b:be:aa:28:d8:e0:2a:c2:6b:a4:c3:65:
                    be:4e:7a:87:5f:ea:a8:cc:8a:6b:65:f7:12:5a:61:
                    bc:25:30:16:88:5e:ae:6a:58:28:a2:60:e8:b4:56:
                    d2:0a:05:14:b9:d9:64:67:21:20:40:5b:8f:05:1f:
                    cb:78:f0:97:86:ed:2e:a1:df:fe:b5:4a:c1:d7:1b:
                    dc:ea:de:be:6e:a8:9d:15:6e:bb:78:3a:f1:fa:4f:
                    3c:1f:10:d4:80:31:3a:86:38:56:4c:00:1c:5f:6a:
                    78:34:c1:57:66:bf:b9:3b:03:5b:d9:4a:59:5d:ba:
                    6f:fd:de:ef:30:ec:54:4b:2c:37:c6:05:de:4d:d6:
                    6c:eb:8e:b3:7c:86:2d:91:63:81:72:f3:07:5d:43:
                    ca:1c:3f:1a:f0:8d:ee:0a:87:0c:b0:ab:4e:e5:af:
                    76:18:60:58:b8:f7:68:ab:5c:89:3f:bc:a9:3e:af:
                    45:5e:24:fb:86:ad:1e:b8:a4:9d:2c:c5:22:4f:0f:
                    a0:8a:df:dc:f7:86:8f:cc:0a:ac:4a:76:25:14:36:
                    8d:89:20:ad:0b:3e:9d:bd:9d:fb:d0:94:8f:dd:74:
                    a1:4c:b7:c9:64:62:1b:6e:85:18:65:d5:72:80:29:
                    bc:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:12:00:78:2B:DB:B5:C4:80:9E:46:E5:F2:31:C3:9D:D4:C1:1C:ED
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/ohIAeCvbtcSAnkbl8jHDndTBHO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2880::/29

    Signature Algorithm: sha256WithRSAEncryption
         ae:04:ba:21:ba:32:6a:0b:93:80:53:5c:37:f7:16:67:8c:ee:
         1a:ca:71:aa:43:7f:6e:3b:c0:1e:2e:11:30:08:7e:58:1b:59:
         42:b0:a8:0d:a1:da:77:18:86:94:6b:05:d9:46:b7:fd:9a:d9:
         b4:3c:de:b9:58:7c:f1:0f:c9:ef:ab:c0:7c:9a:f1:51:f8:24:
         89:9f:b4:18:8c:25:b5:af:34:d0:9e:c0:08:84:e7:72:12:ed:
         d4:84:24:63:0b:31:3a:99:d1:87:2d:42:b3:cc:78:38:b0:7f:
         8c:df:e2:e4:a6:78:ce:8b:98:14:85:8f:ae:da:5b:d4:74:ae:
         e5:7a:d3:d1:7c:f3:0c:6c:46:dc:cb:2f:5d:70:d7:f1:6b:53:
         5c:a2:64:9d:a3:85:aa:02:bc:61:6b:32:86:9a:73:83:87:5a:
         df:a1:2a:69:6c:6d:48:46:00:24:51:1f:bc:03:c2:89:31:a6:
         90:43:da:25:97:79:4b:9b:20:32:eb:4e:83:08:b8:3a:05:ff:
         ce:3c:1d:5c:3e:f4:de:d5:63:3e:89:f6:c1:7e:4a:dd:c7:3b:
         9a:c9:dd:51:1a:32:da:6c:14:6a:de:99:af:63:46:1b:d4:bf:
         bd:c4:37:7b:02:42:80:5b:c2:73:eb:5d:b2:38:7d:29:67:c1:
         3a:03:f6:36
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzCbVMFESpgAL0iYmfXV91oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjQwMTAxMDAyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjEyMDA3ODJiZGJiNWM0ODA5ZTQ2ZTVmMjMxYzM5ZGQ0YzExY2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvudNQAep3UZOoBaiQvAiFSSLvqoo
2OAqwmukw2W+TnqHX+qozIprZfcSWmG8JTAWiF6ualgoomDotFbSCgUUudlkZyEg
QFuPBR/LePCXhu0uod/+tUrB1xvc6t6+bqidFW67eDrx+k88HxDUgDE6hjhWTAAc
X2p4NMFXZr+5OwNb2UpZXbpv/d7vMOxUSyw3xgXeTdZs646zfIYtkWOBcvMHXUPK
HD8a8I3uCocMsKtO5a92GGBYuPdoq1yJP7ypPq9FXiT7hq0euKSdLMUiTw+git/c
94aPzAqsSnYlFDaNiSCtCz6dvZ370JSP3XShTLfJZGIbboUYZdVygCm8cQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKISAHgr27XEgJ5G5fIxw53UwRztMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvb2hJQWVDdmJ0Y1NBbmtibDhqSERuZFRCSE8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgoogDAN
BgkqhkiG9w0BAQsFAAOCAQEArgS6IboyaguTgFNcN/cWZ4zuGspxqkN/bjvAHi4R
MAh+WBtZQrCoDaHadxiGlGsF2Ua3/ZrZtDzeuVh88Q/J76vAfJrxUfgkiZ+0GIwl
ta800J7ACITnchLt1IQkYwsxOpnRhy1Cs8x4OLB/jN/i5KZ4zouYFIWPrtpb1HSu
5XrT0XzzDGxG3MsvXXDX8WtTXKJknaOFqgK8YWsyhppzg4da36EqaWxtSEYAJFEf
vAPCiTGmkEPaJZd5S5sgMutOgwi4OgX/zjwdXD703tVjPon2wX5K3cc7msndURoy
2mwUat6Zr2NGG9S/vcQ3ewJCgFvCc+tdsjh9KWfBOgP2Ng==
-----END CERTIFICATE-----